cuberite/libevent
1
0
Fork 0
mirror of https://github.com/cuberite/libevent.git synced 2025-09-12 05:48:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

buffer: fix overflow check in evbuffer_expand_singlechain()

Browse Source 
Refs: #306
Fixes: #340
Fixes: 20d6d4458bee5d88bda1511c225c25b2d3198d6c
This commit is contained in:
Azat Khuzhin 2016-06-21 19:49:57 +03:00
parent 48dab7aa33
commit a3f4ccd1a1
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
buffer.c
View File

@ -1982,8 +1982,7 @@ evbuffer_expand_singlechain(struct evbuffer *buf, size_t datlen)
/* Would expanding this chunk be affordable and worthwhile? */ /* Would expanding this chunk be affordable and worthwhile? */
if (CHAIN_SPACE_LEN(chain) < chain->buffer_len / 8 || if (CHAIN_SPACE_LEN(chain) < chain->buffer_len / 8 ||
chain->off > MAX_TO_COPY_IN_EXPAND || chain->off > MAX_TO_COPY_IN_EXPAND ||
(datlen < EVBUFFER_CHAIN_MAX && datlen >= (EVBUFFER_CHAIN_MAX - chain->off)) {
EVBUFFER_CHAIN_MAX - datlen >= chain->off)) {
/* It's not worth resizing this chain. Can the next one be /* It's not worth resizing this chain. Can the next one be
* used? */ * used? */
if (chain->next && CHAIN_SPACE_LEN(chain->next) >= datlen) { if (chain->next && CHAIN_SPACE_LEN(chain->next) >= datlen) {